- [Narrator] Memory is an important shared resource on a computer system. Computer systems run many different applications at the same time, and each of these applications needs access to memory to store its own code and its working data. Strong security controls must be in place to protect the contents of memory so that unauthorized applications can't access portions of memory assigned to other applications and gain access to sensitive information or make unauthorized changes to the code supporting an application.
As you prepare for the CISSP exam you should be familiar with the different types of memory. There are two major categories of memory, read-only memory, or ROM, and random access memory, or RAM. ROM has contents that are written permanently or semi-permanently to the physical memory chip. This might include the low-level BIOS that provides primitive instructions to a computer system or the firmware that controls embedded devices. There are several different types of ROM, including technology that allows ROM to be erased and overwritten to perform upgrades.
RAM is the shared memory used by all of the applications on a computer system. Those applications can read or write the memory that is assigned to them, and the contents of RAM are typically lost when the computer is turned off. RAM is shared among many different applications and it's the operating system's responsibility to enforce access restrictions. The operating system must perform an important function called memory management. Essentially, memory management means that the operating system must keep track of which processes own which portions of memory.
The operating system tracks and manages assignments, fulfilling requests from applications for more memory, and releasing memory that is no longer needed by an application, freeing it up for other uses. In addition to managing memory assignments, the operating system is also responsible for memory protection. This means that it must enforce access rules, making sure that processes don't access portions of memory that don't belong to them. Unauthorized requests may be innocent in nature, resulting from bugs in applications, or they may be more malicious attempts to undermine memory security.
When a memory access violation occurs, the application receives an error known as a segmentation fault. This error type simply means that a request violated the access control rules trying to access a memory segment that was not assigned to that application. One other memory issue you should be aware of is an error condition known as a memory leak. Memory leaks occur when applications request memory from the operating system and don't fully release that memory when it is no longer needed.
These requests may pile up over time, slowly or quickly taking over all of the available memory on a system, denying other applications access to needed memory and grinding system functions to a halt. A reboot may correct a memory leak temporarily but the real fix requires modifying the application code to avoid the memory leak in the first place.
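The access violation described in the transcript above, shown as an added example that is not part of the original course material: a child process makes one of its own pages read-only with `mprotect`, writes to it anyway, and the parent reports the signal the operating system used to stop it. It assumes a POSIX system such as Linux, and `probe_write` is an illustrative helper name.

```c
/* Added example (POSIX/Linux assumed); probe_write is an illustrative name. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* In a child process, set one page to `prot` and then write to it.
 * Returns 0 if the write was allowed, the signal number that killed the
 * child if the OS blocked it, or -1 on a setup error. */
int probe_write(int prot)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit no_core = {0, 0};
        setrlimit(RLIMIT_CORE, &no_core);    /* no core file from the crash */
        size_t len = (size_t)sysconf(_SC_PAGESIZE);
        char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p == MAP_FAILED)
            _exit(2);
        p[0] = 'A';                          /* allowed: page is writable */
        if (mprotect(p, len, prot) != 0)
            _exit(2);
        *(volatile char *)p = 'B';           /* faults without PROT_WRITE */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);             /* SIGSEGV on Linux */
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void)
{
    printf("writable page:  result %d\n", probe_write(PROT_READ | PROT_WRITE));
    printf("read-only page: result %d (SIGSEGV is %d)\n",
           probe_write(PROT_READ), SIGSEGV);
    return 0;
}
```

Only the offending child is terminated; the parent keeps running and can log the event, which is how a crash reporter or supervisor sees a segmentation fault in practice.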
Updated: 8/28/2020
Released: 3/8/2018
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx. You can also join Mike's free study group at certmike.com.
- Understanding security design principles and models
- Cloud computing and virtualization
- Hardware security
- Client and server vulnerabilities
- Web security vulnerabilities
- Securing mobile devices and smart devices
- Understanding encryption
- Symmetric and asymmetric cryptography
- Key management and public key infrastructure
- Physical security
Skill Level Advanced